Setting up, performing and continuously refining TARA involves several sequential steps that need to be worked through correctly. In this video course entitled "Attack Path and Feasibility Analysis", we will look at the method of Attack Path Analysis and Feasibility Analysis, which play an important role after the Definition of Threat scenarios along the TARA - aligned with the requirements of ISO/SAE 21434.

We begin by pointing out where Attack Path and Feasibility Analysis take part in the TARA process and how they fit in the overall process of producing a cybersecurity goals definition. Then we get right into what Attack Path Analysis means and present the different known approaches, known as the top down approach and the bottom up approach. After that, we will discover how exactly should we choose a structural approach to perform the Attack Path Analysis.

In the next part of the video course, we will explain how the Attack Feasibility Assessment can be performed after the Attack Path Analysis. We will explain what Attack Feasibility is all about, what information is involved (also taking into account ISO/SAE 21434), what factors are considered in detail and how this step is embedded in the entire TARA process.